<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>PackageKit - Frequently Asked Questions</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<link rel="stylesheet" href="style.css" type="text/css" media="screen"/>
</head>
<body>

<table align="center" class="title">
<tr>
 <td><center><img src="img/packagekit.png" alt=""/></center></td>
 <td width="95%" valign="middle"><p class="title">Frequently Asked Questions</p></td>
 <td><center><img src="img/packagekit.png" alt=""/></center></td>
</tr>
</table>

<p>Back to the <a href="index.html">main page</a></p>

<h1>Frequently asked questions</h1>

<h2>Table Of Contents</h2>
<ul>
<li><a href="#how-complete">How complete are the backends?</a></li>
<li><a href="#repo-add-remove">Why can't I add or remove software sources</a></li>
<li><a href="#markup">Can I include formatting characters in package descriptions?</a></li>
<li><a href="#1-click-install">Does PackageKit support 1-Click Install?</a></li>
<li><a href="#command-not-found">How does the command not found functionality work?</a></li>
<li><a href="#session-system">Why is there a session service and and a system service?</a></li>
<li><a href="#session-methods">How do I use PackageKit in my application?</a></li>
<li><a href="#rawhide-updates">Why don't I get update details with Fedora Rawhide?</a></li>
<li><a href="#tray-icons">What do the tray icons mean?</a></li>
<li><a href="#no-percentage-updates">What if we don't support percentage updates?</a></li>
<li><a href="#remaining-times">Why are the remaining times sometimes wildly wrong?</a></li>
<li><a href="#different-options">How will PackageKit support all the different options?</a></li>
<li><a href="#error-codes">Error codes are different on each backend?</a></li>
<li><a href="#user-interaction">Installing packages needs user interaction!</a></li>
<li><a href="#up2date">Does PackageKit replace up2date?</a></li>
<li><a href="#system-daemon">Is PackageKit a system daemon, always running and using resources?</a></li>
<li><a href="#dependencies">How does PackageKit handle dependencies?</a></li>
<li><a href="#multiple-users">How does PackageKit work with multiple users?</a></li>
<li><a href="#use-existing-tools">Can users still use their normal package managers?</a></li>
<li><a href="#corporate-sponsor">Is there an organization sponsoring development of PackageKit?</a></li>
</ul>

<hr/>
<h3><a name="how-complete">How complete are the backends?</a></h3>
<p>
Backends do not have to be complete when they are added to PackageKit.
If a feature is not present then it is hidden in the UI, which will explain why on some
distributions the client tools look a little different to other distributions.
You can see the latest feature matrix <a href="pk-matrix.html">here</a>.
</p>

<hr/>
<h3><a name="repo-add-remove">Why can't I add or remove software sources?</a></h3>
<p>
In the software source viewer you can enable and disable repositories, but you
cannot rename, add or remove them.
This is a deliberate design choice chosen for the following reasons:
</p>
<ul>
<li>The mirrorlist and source URL formats are very different between distributions</li>
<li>There are better ways of adding sources, for instance installing the <code><i>repo</i>-release.rpm</code> package which also adds the GPG keys</li>
<li>Removing the <code>repo-release.rpm</code> removes the repo and any temporary files</li>
<li>Renaming a repo has no purpose</li>
</ul>

<h3><a name="markup">Can I include formatting characters in package descriptions?</a></h3>
<p>
Yes, as long as the descripions are formatted with
<a href="http://en.wikipedia.org/wiki/Markdown">Markdown</a> then the descriptions will be
formatted correctly in client programs.
Using Markdown is a deliberate choice as it does not force the vendor to adopt any specific
markup language.
An example Markdown package description would be:
</p>
<pre>
GNOME Power Manager uses the information and facilities
provided by HAL displaying icons and handling user
callbacks in an **interactive** GNOME session.

The following *GUI* programs are provided:
* `gnome-power-preferences` - set policy and change preferences
* `gnome-power-statistics` - view power graphs and device history
</pre>
<p>
This would be rendered by a text program as:
</p>
<pre>
GNOME Power Manager uses the information and facilities provided by HAL
displaying icons and handling user callbacks in an interactive GNOME session.

The following GUI programs are provided:
* gnome-power-preferences - set policy and change preferences
* gnome-power-statistics - view power graphs and device history
</pre>
<p>
A GUI front-end would format the text like this:
</p>
<table bgcolor="#eeeeee" cellpadding="6px"><tr><td>
<p>
GNOME Power Manager uses the information and facilities provided by HAL displaying icons and handling user callbacks in an <b>interactive</b> GNOME session.
</p>
<p>
The following <i>GUI</i> programs are provided:
</p>
<ul>
<li><code>gnome-power-preferences</code> - set policy and change preferences</li>
<li><code>gnome-power-statistics</code> - view power graphs and device history</li>
</ul>
</td></tr></table>
<p>
Update descriptions are also processed for markdown, for example:
</p>
<img src="img/gpk-markdown.png" alt=""/>
<hr/>

<h3><a name="command-not-found">How does the command not found functionality work?</a></h3>
<p>
The command not found functionality is a bash extension that allows PackageKit
to suggest similar commands, or to offer to install packages to provide commands.
It's probably best to click on the image and watch the video.
</p>
<a href="videos/pk-command-not-found.ogv"><img src="img/pk-command-not-found.png" alt=""/></a>
<hr/>

<h3><a name="1-click-install">Does PackageKit support 1-Click Install?</a></h3>
<p>
No, as they are a potential security problem. The issues are as follows:
</p>
<ul>
<li>
That some developer creates a repository with a package with a higher package epoch, and then the
distro releases a critical security package (with an updated version, but smaller epoch) and the
package does not get upgraded, leaving the user vulnerable.
</li>
<li>
The user installs some random repository, where the developer pushes a few svn packages.
The developer gets bored, and stop produces updates, and then one of the old packages blocks
on the distribution update, causing no further automatic system updates.
</li>
<li>
There's no signing of 1-click-install files, so we can't actually be sure that they come from a
reputable source.
</li>
<li>
There's no localization in the 1-click-files.
For instance, if we only show a French language speaker a description of "remote exploit trojan"
they are not going to understand the description.
</li>
</ul>
<p>
So what's the solution? Using a standard <code>$vendor-release.rpm</code> or <code>.deb</code>
you can ship the standard repo or source with a signed GPG key.
PackageKit also supports <a href="#catalogs">catalogs</a> which can install sets of files provided by
your distro.
</p>
<p>
Quoting Sebastian Heinlein,
<i>Allowing to easily add third party repositories and install third party software without a
certification infrastructure is like opening the gates to hell.
Most user just don't have got the technical understanding to handle this well.</i>
</p>

<hr/>
<h3><a name="session-system">Why is there a session service <b>and</b> and a system service?</a></h3>
<p>
PackageKit runs a process <code>packagekitd</code> that is a daemon that runs per-system.
The daemon lets you schedule transactions using either the raw
<a href="http://gitweb.freedesktop.org/?p=packagekit.git;a=blob;f=src/org.freedesktop.PackageKit.Transaction.xml">
DBUS methods</a>, or using <a href="https://www.freedesktop.org/software/PackageKit/gtk-doc/PkClient.html">libpackagekit</a>.
The transactions are very fine grained, so an application would have to manage
<a href="https://www.freedesktop.org/software/PackageKit/gtk-doc/introduction-ideas-transactions.html">
the transaction process</a> itself.
This would mean handling the EULA and GPG callbacks in each application. This is less than ideal.
</p>
<p>
For this reason, a session helper is provided which makes all the
complexity go away; it handles all the GPG key authentication and
EULA agreements, and also works with authentication agent and user settings.
Using the session service is also designed to be synchronous, which means
you can send the DBUS call and just wait for the result, rather than
managing callbacks to update custom GUIs.
</p>
<p>
The session helper is implemented in <code>gpk-update-icon</code> on GNOME,
and is also availble when <code>apper</code> is installed on KDE.
If you want full integration using custom dialogs without running the extra
session process, then use libpackagekit.
If you don't care, and just want things to <i>work</i> then
<a href="https://www.freedesktop.org/software/PackageKit/pk-faq.html#session-methods">use the session interface</a>.
If you want a demo, you can download <a href="files/session.c">session.c</a> for a
session example and <a href="files/system.c">system.c</a> as a system example.
</p>
<p>
Compile with:
</p>
<pre>
gcc -o session -Wall session.c `pkg-config --cflags --libs gio-2.0`
gcc -o system -Wall system.c `pkg-config --cflags --libs packagekit-glib`
</pre>

<hr/>
<h3><a name="session-methods">How do I use PackageKit in my application?</a></h3>
<p>
Using the shared session interface you can use the following DBUS methods
to make PackageKit just do the right thing.
All the additional
<a href="https://www.freedesktop.org/software/PackageKit/gtk-doc/introduction-ideas-transactions.html">
confirmation, package downloads, GPG and EULA prompting is done automatically.</a>
</p>
<p>
The DBUS methods are designed to be run syncronously, but can be run
async using <code>g_dbus_proxy_call</code> and getting the status with
<code>g_dbus_proxy_call_finish</code>.
There is example code available <a href="files/session.c">in c</a> or
<a href="files/session.py">in python</a>.
</p>
<p>
The methods available on this interface are:
</p>
<ul>
<li><code>InstallPackageName("openoffice-clipart")</code></li>
<li><code>InstallProvideFile("/usr/share/fonts/sarai/Sarai_07.ttf")</code></li>
<li><code>InstallLocalFile("/home/dave/Desktop/lirc-0.6.6-4.rhfc1.dag.i686.rpm")</code></li>
<li><code>InstallMimeType("application/x-rpm")</code></li>
<li><code>InstallFont("lang(en_GB)")</code></li>
</ul>
<p>
Please email me or the
<a href="http://lists.freedesktop.org/mailman/listinfo/packagekit">mailing list</a>
if you have any other questions
</p>

<hr/>
<h3><a name="rawhide-updates">Why don't I get update details with Fedora Rawhide?</a></h3>
<p>
The Rawhide repository does not supply metadata needed for the update-viewer to display extra
information about the update, such as changelogs, CVE and bugzilla references.
Only released versions of Fedora have this metadata.
</p>

<hr/>
<h3><a name="no-percentage-updates">What if the backend package manager doesn't support percentage updates?</a></h3>
<p>
You don't have to have a backend that supports percentage updates.
If you don't know the progress, just emit NoPercentageUpdates and then the UI
should just do the right thing and spin backwards and forwards.
</p>

<hr/>
<h3><a name="remaining-times">Why are the remaining times sometimes not present or wildly wrong?</a></h3>
<p>
The remaining time to completion of the transaction is calculated using an
average time of the time between percentage updates points, extrapolated to 100%.
This means that backends that give accurate and frequent percentage-changed
signals will get accurate times.
</p>
<p>
If a backend updates the percentage using very course updates
(e.g. 20%, 40%, 60%, 80%, 100%) then the remaining time algorithm will not
perform well.
Similarly, if the duration of 0% to 50% takes 2 minutes and 50% to 100% takes
10 minutes then at first the time will be reported under the true time to
completion.
It is up to the backends to map the transaction progress to fine-granularity
accurate percentage updates, at least as best as possible.
</p>

<hr/>
<h3><a name="different-options">With all the differences between backends, how will PackageKit support all the different options?</a></h3>
<p>
Backends don't have to support all options of all methods.
Just set an error and return false if not implemented.
</p>

<hr/>
<h3><a name="error-codes">But error codes are different on each backend?</a></h3>
<p>
Error codes have to be standardized so they can be localized.
The error detail field can just be the untranslatable output.
If you are creating a backend and you need another error enum, mention it
and we can add it to the supported list.
</p>

<hr/>
<h3><a name="user-interaction">How will PackageKit handle installation an application that needs user interaction?</a></h3>
<p>
Upgrading, installing or removing packages <b>has to be 100% silent</b>.
</p>
<p>
The user cannot be prompted mid-transaction for questions as these will not be
handled in PackageKit.
The backend should do the right thing, as these questions mean very
little to the average user.
</p>
<p>
The reasons for this are as follows:
</p>
<ul>
 <li>
  The messages cannot be translated as the daemon is running in the C locale,
  and there may be multiple running session clients in different locales.
 </li>
 <li>
  Stopping the transaction and waiting for input would also mean the methods
  are no longer "fire and forget".
 </li>
 <li>
  Security updates can now be performed automatically, i.e.
  when the user is idle.
  There's no user at the console in this case to answer questions.
 </li>
 <li>
  Due to the client/server split of PackageKit, a non-root user would be able
  to change the answer of debconf scripts, and another PolicyKit role would have
  to be defined.
  In this case a situation could arise where a user is able to update software,
  but not agree to EULAs, thus making the transaction invalid and impossible.
 </li>
</ul>
<p>
EULAs or other agreements will have to be agreed to <b>before</b> the
transaction is processed using the <code>EulaRequired</code> signal.
EULAs should preferably be shown per-user - i.e. the first time an application is run.
</p>
<p>
PackageKit will not install packages with broken maintainer scripts that
require a stdin.
<a href="http://www.debian.org/doc/debian-policy/ch-binary.html#s-maintscriptprompt">Debian</a>
policy clearly says that prompting on <code>stdin</code> instead of using debconf is deprecated.
If this is attempted the backend should detect this and error out of the
transaction with <code>PK_ERROR_ENUM_BROKEN_PACKAGE</code>.
<b>We cannot and will not ask the user for random standard input.</b>
</p>
<p>
See the <a href="http://wiki.debian.org/PackageKit">Debian PackageKit wiki</a>
for more details and further discussion.
</p>
<p>
If the transaction needs to tell the user something, the <code>Message()</code>
method can be used that will localise the message up the stack, and also give the user a way
of ignoring duplicate messages of this type. We really don't want to be doing things like
<a href="http://tieguy.org/blog/2008/04/11/second-worst-dialog-i-saw-during-a-recent-ubuntu-upgrade/">this</a>
or <a href="http://weblogs.mozillazine.org/gerv/archives/2008/04/upgrading_to_hardy.html">this</a>.
</p>

<hr/>
<h3><a name="up2date">Does PackageKit replace up2date?</a></h3>
<p>
PackageKit does not replace up2date.
PackageKit is a way for users to interact with the packaging system, not for an
administrator to install software on remote machines.
</p>

<hr/>
<h3><a name="system-daemon">Is PackageKit a system daemon, always running and using resources?</a></h3>
<p>
PackageKit is not yet another system daemon.
It quits when not doing anything, and only starts when something wants
information or a task completed.
</p>

<hr/>
<h3><a name="dependencies">How does PackageKit handle dependencies?</a></h3>
<p>
PackageKit <b>does not do</b> dependency resolution.
This problem has already been solved by the backend systems and we don't really
want to re-invent the wheel.
</p>
<p>
PackageKit does not have the fine-grained API to do everything.
For instance, synaptic should still use libapt as can do much more than can be
provided by PackageKit.
</p>

<hr/>
<h3><a name="multiple-users">How does PackageKit work with multiple users?</a></h3>
<p>
PackageKit is designed from the ground up to work with fast user switching and
logging in and out of sessions during upgrades.
You can start a package install, log out, log in as another user, all without
corruption.
</p>

<hr/>
<h3><a name="use-existing-tools">Can users still use their normal package managers and backends, such as Yum, APT or Conary?</a></h3>
<p>
PackageKit does not stop you using the low level tools, in fact it quits as soon
as possible if a native tool is waiting to be run.
</p>

<hr/>
<h3><a name="corporate-sponsor">Is there an organization or corporation sponsoring development of PackageKit?</a></h3>
<p>
PackageKit is not sponsored by anyone, although I now work at Red Hat full time
on PackageKit and several other projects.
</p>

<p>Back to the <a href="index.html">main page</a></p>

<!-- space for the links to be at the top -->
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>

<p class="footer">
 Copyright <a href="mailto:richard@hughsie.com">Richard Hughes 2007-2013</a><br/>
 <a href="http://validator.w3.org/check/referer">Optimized</a>
 for <a href="http://www.w3.org/">standards</a>.
</p>

</body>
</html>

